Showing results for tags 'government'.

Found 12 results

  1. The Australian government’s Digital Transformation Agency (DTA) has spent more than A$200 million over the past five years developing a National Digital ID platform. If successful, the project could streamline commerce, resolve bureaucratic quagmires, and improve national security. The emerging results of the project may give the Australian public cause for concern. Two mobile apps built on the DTA’s Trusted Digital Identification Framework (TDIF) have recently been released to consumers. The apps, myGovID and Digital ID, were developed by the Australian Taxation Office (ATO) and Australia Post, respectively. Both apps were released without fanfare or glossy marketing campaigns to entice users. This is in keeping with more than five years of stealthy administrative decision-making and policy development in the National Digital ID project. Now, it seems, we are set to hear more about it. An existing digital identity scheme for businesses called AUSkey will be retired and replaced with the new National Digital ID in March, and the DTA has recently put out a contract for a “Digital Identity Communication and Engagement Strategy”. The DTA’s renewed investment in public communications is a welcome change of pace, but instead of top-down decision-making, why not try consultation and conversation? We fear what we don’t understand Ever since the Hawke government’s ill-fated Australia Card proposal in the 1980s, Australians have consistently viewed national identification schemes with contempt. Some have suggested that the DTA’s silence comes from fear of a backlash. History provides insight into some, but not all, of the numerous potential reasons for the DTA’s strategic opacity. For example, people do not respond positively to what they do not understand. Surveys suggest that fewer than one in four Australians have a strong understanding of digital identification. The National Digital ID project was launched more than five years ago. 
Why hasn’t the public become familiar with these technologies? What is the TDIF? Part of an overview of the TDIF available on the DTA website. Trusted Digital Identity Framework (TDIF)™: 02 - Overview © Commonwealth of Australia (Digital Transformation Agency) 2019. The TDIF is what’s known as a federated digital identification system. This means it relies on multiple organisations called Identity Providers, who act as central repositories for identification. In essence, you identify yourself to the Identity Provider, which then vouches for you to third parties in much the same way you might use a Google or Facebook account to log in to a news website. The difference in this case is that Identity Providers will control, store and manage all user information – which is likely to include birth certificates, marriage certificates, tax returns, medical histories, and perhaps eventually biometrics and behavioural information too. There are currently two government organisations offering Identity Service Providers: the Australian Tax Office (ATO) and Australia Post. By their nature, Identity Providers consolidate information in one place and risk becoming a single point of failure. This exposes users to harms associated with the possibility of stolen or compromised personal information. Another weakness of the TDIF is that it doesn’t allow for releasing only partial information about a person. For example, people might be willing to share practically all their personal information with a large bank. However, few will voluntarily disclose such a large amount of personal information indiscriminately – and the TDIF doesn’t give the option to control what is disclosed. Securing sovereignty over identity It might have been reasonable to keep the National Digital ID project quiet when it launched, but a lot has changed in the past five years. 
For example, some localities in Canada and Switzerland, faced with similar challenges, chose an alternative to the federated model for their Digital ID systems. Instead, they used the principles of what is called Self Sovereign Identity (SSI). Self-sovereign systems offer the same functions and capabilities as the DTA’s federated system. And they do so without funnelling users through government-controlled Identity Providers. Instead, self-sovereign systems let users create, manage and use multiple discrete digital identities. Each identity can be tailored to its function, with different attributes attached according to necessity. Authentication systems like this offer control over the disclosure of personal information. This is a feature that may considerably enhance the privacy, security and usability of digital identification. Moving forward Based on the idea of giving control to users, self-sovereign digital identification puts its users ahead of any institution, organisation or state. Incorporating elements from the self-sovereign approach might make the Australian system more appealing by addressing public concerns. And self-sovereign identity is just one example of many technologies already available to the DTA. The possibilities are vast. However, those possibilities can only be explored if the DTA starts engaging directly with the general public, industry and academia. Keeping Australia’s Digital National ID scheme cloaked will only increase negative sentiment towards digital identity schemes. Even if self-sovereign identity proved appealing to the public, there would still be plenty of need for dialogue. For example, people would need to enrol into the identification program by physically visiting a white-listed facility (such as a post office). That alone poses several technological, economic, social and political challenges. 
Regardless of the direction Australia takes for the Digital National ID, there will be problems that need to be solved – and these will require dialogue and transparency. Government and other organisations may not support a self-sovereign identity initiative, as it would give them less information about and administrative control over their constituents or clients. Nonetheless, the implementation of a national identity scheme by stealth will only give the Australian public good reason for outrage, and it might culminate in intensified and unwanted scrutiny. To prevent this from occurring, the DTA’s project needs to be brought out of hiding. It is only with transparency and a dialogue open to all Australians that the public’s concerns can be addressed in full. Source
  2. Snowden won’t make profits from Permanent Record Edward Snowden is not entitled to any profits from the sales of his memoir and the United States government can instead claim the proceeds, a federal judge found in a decision yesterday. The National Security Agency leaker published the book, called Permanent Record, in September, but the Justice Department immediately stepped in with a lawsuit. Usually, intelligence agencies submit works to a prepublication review process to ensure no government secrets are released. The government argued that since Snowden had failed to provide the book for a contractually obligated review, he had no right to the profits from the book or his public speeches. Snowden’s lawyers have countered that it would be impossible for the book to receive a good-faith review from the government. But in yesterday’s ruling, a federal judge in Virginia sided with the government, finding that “the contractual language is clear.” The judge writes that Snowden’s “failure to participate in the prepublication review process” made it impossible for the judge to question hypothetical decisions about that review. Brett Max Kaufman, a senior staff attorney with the ACLU’s Center for Democracy who worked on Snowden’s legal team, said in a statement that it was “farfetched” to think Snowden’s book would receive a fair government review. “We disagree with the court’s decision and will review our options,” Kaufman said, “but it’s more clear than ever that the unfair and opaque prepublication review system affecting millions of former government employees needs major reforms.” Source
  3. A year ago, we asked some of the most prominent smart home device makers if they have given customer data to governments. The results were mixed. The big three smart home device makers — Amazon, Facebook and Google (which includes Nest) — all disclosed in their transparency reports if and when governments demand customer data. Apple said it didn't need a report, as the data it collects was anonymized. As for the rest, none had published their government data-demand figures. In the year that's past, the smart home market has grown rapidly, but the remaining device makers have made little to no progress on disclosing their figures. And in some cases, it got worse. Smart home and other internet-connected devices may be convenient and accessible, but they collect vast amounts of information on you and your home. Smart locks know when someone enters your house, and smart doorbells can capture their face. Smart TVs know which programs you watch and some smart speakers know what you're interested in. Many smart devices collect data when they're not in use — and some collect data points you may not even think about, like your wireless network information, for example — and send them back to the manufacturers, ostensibly to make the gadgets — and your home — smarter. Because the data is stored in the cloud by the device manufacturers, law enforcement and government agencies can demand those companies turn over that data to solve crimes. But as the amount of data collection increases, companies are not being transparent about the data demands they receive. 
All we have are anecdotal reports — and there are plenty: Police obtained Amazon Echo data to help solve a murder; Fitbit turned over data that was used to charge a man with murder; Samsung helped catch a sex predator who watched child abuse imagery; Nest gave up surveillance footage to help jail gang members; and recent reporting on Amazon-owned Ring shows close links between the smart home device maker and law enforcement. Here's what we found. Smart lock and doorbell maker August gave the exact same statement as last year, that it "does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA)." But August spokesperson Stephanie Ng would not comment on the number of non-national security requests — subpoenas, warrants and court orders — that the company has received, only that it complies with "all laws" when it receives a legal demand. Roomba maker iRobot said, as it did last year, that it has "not received" any government demands for data. "iRobot does not plan to issue a transparency report at this time," but it may consider publishing a report "should iRobot receive a government request for customer data." Arlo, a former Netgear smart home division that spun out in 2018, did not respond to a request for comment. Netgear, which still has some smart home technology, said it does "not publicly disclose a transparency report." Amazon-owned Ring, whose cooperation with law enforcement has drawn ire from lawmakers and faced questions over its ability to protect users' privacy, said last year it planned to release a transparency report in the future, but did not say when. This time around, Ring spokesperson Yassi Shahmiri would not comment and stopped responding to repeated follow-up emails. 
Honeywell spokesperson Megan McGovern would not comment and referred questions to Resideo, the smart home division Honeywell spun out a year ago. Resideo's Bruce Anderson did not comment. And just as last year, Samsung, a maker of smart devices and internet-connected televisions and other appliances, also did not respond to a request for comment. On the whole, the companies' responses were largely the same as last year. But smart switch and sensor maker Ecobee, which last year promised to publish a transparency report "at the end of 2018," did not follow through with its promise. When we asked why, Ecobee spokesperson Kristen Johnson did not respond to repeated requests for comment. Based on the best available data, August, iRobot, Ring and the rest of the smart home device makers have hundreds of millions of users and customers around the world, with the potential to give governments vast troves of data — and users and customers are none the wiser. Transparency reports may not be perfect, and some are less transparent than others. But if big companies — even after bruising headlines and claims of co-operation with surveillance states — disclose their figures, there's little excuse for the smaller companies. This time around, some companies fared better than their rivals. But for anyone mindful of their privacy, you can — and should — expect better. Source
  4. It's time for the government to step in and regulate big tech companies, says Microsoft co-founder Bill Gates. With tech giants like Google, Facebook, Amazon and others exerting so much influence over culture and the economy, not to mention users' daily lives, it's become necessary for lawmakers to become more involved in how those companies deal with essential issues like privacy and cyberbullying, Gates said in an interview posted online by Bloomberg on Wednesday. "Technology has become so central that government has to think: What does that mean about elections? What does that mean about bullying?" Gates said in the interview, which took place at the Economic Club of Washington, DC in June. "So, yes, the government needs to get involved." Gates expects that one area where we're likely to see additional government regulation of tech companies is around the issue of data privacy. Facebook, Google and other tech companies (Microsoft included) have been rocked by a series of privacy scandals in recent years that affected millions of users' personal information. "There will be more regulation of the tech sector, things like privacy … there should be, at some point, federal regulation that relates to that," Gates said. Meanwhile, the fact that more and more people today get their information online, including from social media platforms, has sparked concerns from regulators over whether or not tech companies are taking enough precautions to stop the spread of misinformation on their platforms. Count Gates among those who believe that government regulations could help ensure that the information being widely disseminated on many of those online platforms can be trusted. "The fact that, now, this is the way people consume media has really brought it into a realm where we need to shape it so that the benefits need to outweigh the negatives," he said in the interview. Of course, Gates wasn't always such a fan of government oversight of the tech industry. 
As CEO of Microsoft until 2000, Gates and the company spent nearly a decade pushing back against the government's attempts at labeling Microsoft a monopoly. The Department of Justice began an antitrust investigation into Microsoft in 1992 before suing the company in 1998. Microsoft eventually reached a settlement with the government in 2001, with the deal imposing multiple rules the company had to follow for several years, including sharing the company's records and source code with competitors. In the interview posted online by Bloomberg, Gates pointed out that newer tech companies might have learned a lesson from Microsoft's past actions. Tech companies today are "very engaged" with the government, Gates said, as tech leaders like Facebook's Mark Zuckerberg have expressed a willingness to work with the government on creating more tech regulations. "I, for the early years of Microsoft, bragged to people that I didn't have an office in Washington, DC, and eventually I came to regret that statement, because it was kind of almost like taunting [government regulators]," Gates said. Source
  5. The Electronic Privacy Information Center (“EPIC”), a civil liberties group based in Washington D.C., filed an amicus brief in the United States vs. Wilson case concerning Google scanning billions of users’ files for unlawful content and then sending that information to law enforcement agencies. Bypassing the Fourth Amendment EPIC alleges that law enforcement is using Google, a private entity, to bypass the Fourth Amendment, which requires due process and probable cause before “searching or seizing” someone’s property. As a private entity, Google doesn’t have to abide by the Fourth Amendment as the government has to, so it can do those mass searches on its behalf and then give the government the results. The U.S. government has been increasingly using this strategy to bypass Fourth Amendment protections of U.S. citizens and to expand its warrantless surveillance operations further. Image Hashes vs. Image Matches Google and a few other companies have “voluntarily” agreed to use a database of image hashes from the National Center for Missing and Exploited Children (NCMEC) to help the agency find exploited children. More than that, the companies would also give any information they have on the people who owned those images, given they are users of said companies’ services and have shared the images through those services. Image hash values are unique alphanumerical strings of characters that can be associated with images. These values are then used to match one image to another and see if the files are 100% identical. EPIC alleges that Google has gone even beyond this voluntary commitment to help NCMEC find criminals who exploit children by using image hash matching, and it’s now also using image matching techniques that can look at different files to see whether or not they contain a certain image. 
EPIC said this is very different from the first case of hash matching because image matching can result in many false positives (the algorithm can say that a certain file contains the original image, even though it doesn’t). Referring Innocent People to Law Enforcement EPIC noted that neither Google nor the government has revealed how the image matching algorithm works nor have they revealed accuracy, reliability, or validity of the technique, all of which are required for scientific evidence in court. EPIC argues that Google or other companies could use similar algorithms to scan not just for images of exploited children, but also for other purposes such as determining if files contain religious views, political opinions, or “banned books.” Google was recently involved in a controversy about its development of a censored search engine for China, called “Project Dragonfly.” The search engine would enable the identification of material that the Chinese government considers “sensitive,” which likely goes much further than images of exploited children. A Need for Algorithmic Transparency In the Carpenter vs. United States case, the Supreme Court recognized that the existing Fourth Amendment standards need to be reexamined in the new digital age. The Court ruled that the government couldn’t automatically track individuals’ locations everywhere they go for long periods of time without a warrant. If the equivalent of the digital surveillance translated to the physical world meant that the government would have to deploy costly surveillance operations that would rarely happen, then the much cheaper automated digital surveillance shouldn’t be permitted without a warrant, either. EPIC argued in its new briefing that automated scanning of files for various “crimes” falls into the same category. 
Even if the scanning of files can be cataloged as “private search,” the government would need to have “virtual certainty” that the files it intends to open are the same ones that were scanned by the private company, and this may not be possible. The government can’t guarantee that the files identified by Google are the same ones that the user uploaded. This is also why EPIC believes that algorithmic transparency is critical for software that interacts with the justice system and provides information that incriminates users of various services. Source
  6. T-Mobile has revealed an uptick in the number of demands for data it receives from the government. The cellular giant quietly posted its 2017 transparency report on August 14, revealing a 12 percent increase in the number of overall data demands it responded to compared to the previous year. The report said the company responded to 219,377 subpoenas, an 11 percent rise on 2017. These demands were issued by federal agencies and do not require any judicial oversight. The company also responded to 55,372 court orders, a 13 percent rise, and 27,203 warrants, a rise of 19 percent. But the number of wiretap orders — which allow police to listen in to calls in real time — went down by half on the previous year. A spokesperson for T-Mobile told TechCrunch that the figures reflect a “typical increase of legal demands across the board” and that the increases are “consistent with past years.” Although the results reveal more requests for customer data, the transparency report did not say how many customers were affected. T-Mobile has 77 million users as of its second-quarter earnings. Several tech companies began publishing how many government requests for customer data they received since Google’s debut report in 2010. But it was only after the Edward Snowden disclosures in 2013, which revealed mass surveillance by the National Security Agency, that tech companies and telcos began regularly publishing transparency reports, seen as an effort to counter the damaging claims that companies helped the government spy. T-Mobile became the last major cell carrier to issue a transparency report two years later in 2015. The company also said that it responded to 64,266 requests by law enforcement for customers’ historical cell site data. That data became the focal point of the U.S. vs. Carpenter case earlier this year, in which the Supreme Court ruled that law enforcement must obtain a warrant for historical cell and location data. 
That figure is expected to fall during the 2018 reporting year as the new bar to obtain a court-signed warrant is higher. T-Mobile also said it received 46,395 requests to track customers’ real-time location, and 4,855 warrants and orders for tower dumps, which police can use to obtain information on all the nearby devices connected to a cell tower during a particular period of time. But the number of national security requests received declined during 2017. The number of national security letters used by federal agents to obtain call records in secret and the number of orders granted by the secret Foreign Intelligence Surveillance Court were each below 1,000 requests for the full year. Tech companies and telcos are highly restricted in how they can report the number of classified orders demanding customer data in secret, and can only report in ranges of requests they received. Since the Freedom Act was signed into law in 2015, the Justice Department began allowing companies to report in narrower ranges. Source
  7. from the an-NSL-a-day-keeps-the-oversight-away dept Apple has released its latest transparency report. It shows the United States, by far, has the most interest in obtaining user content and data from the company. New figures in the company's second biannual transparency report for 2017 show that Apple received 29,718 demands to access 309,362 devices in the second-half of the year. Data was turned over in 79 percent of cases. The number of demands is down slightly on the first half of the year, but the number of devices that the government wanted access to rocketed. What it doesn't show, however, is how much is being obtained using only subpoenas. Warrants are needed for content. That Apple's latest report [PDF] makes clear. Any government agency seeking customer content from Apple must obtain a search warrant issued upon a showing of probable cause. But in 90% of cases listed in the report, only a subpoena was delivered to Apple. What isn't made explicitly clear is whether or not content was sought using something other than a warrant. Apple says the government requested content 608 times using 270 warrants, which isn't necessarily a problem, considering more than one device/account may have been targeted. That still leaves more than 4,000 subpoenas Apple classifies as "Device Requests." Unfortunately, sussing this out more granularly is pretty much impossible because Apple's definition of "device requests" leaves a lot to be desired. [D]evice-based requests received from a government agency [seek] customer data related to specific device identifiers, such as serial number or IMEI number. Device-based requests can be in various formats such as subpoenas, court orders or warrants. Given Apple's public battle with the DOJ over encryption, it's very likely the company is demanding warrants when customer content is sought. But it could do better breaking down these requests into content and non-content demands. 
That being said, there's a lot of detail in the report that isn't found in transparency reports by other tech companies. The whole thing is worth reading, if only to marvel at the massive amount of data demands being made by US law enforcement. And it appears the FBI (and other federal agencies) still prefer writing their own paperwork, rather than subject themselves to the minimal judicial scrutiny subpoenas require. National Security Letters are, by far, the most popular way for the government to seek subscriber/customer data. Apple received more than 16,000 NSLs targeting ~8,000 accounts in the last six months of 2017 alone. While Apple has refused to publish the NSL behind a successfully challenged gag order, it appears ready to add yet another layer of transparency to future reports. The company said beginning in the next transparency report -- expected later this year -- Apple will disclose the number of apps removed from its app stores. This should make the next report an even more interesting read. It would be nice if Apple would set up a clearinghouse for government demands -- a la Lumen's database of takedown/removal requests -- but for now, any transparency is better than the opacity we dealt with prior to Ed Snowden outing multiple pervasive surveillance programs. Source
  8. Researchers believe a new encryption technique may be key to maintaining a balance between user privacy and government demands. For governments worldwide, encryption is a thorn in the side in the quest for surveillance, cracking suspected criminal phones, and monitoring communication. Officials are applying pressure on technology firms and app developers which provide end-to-end encryption services to provide a way for police forces to break encryption. However, the moment you provide a backdoor into such services, you are creating a weak point that not only law enforcement and governments can use -- assuming that tunneling into a handset and monitoring is even within legal bounds -- but also threat actors, undermining the security of encryption as a whole. As the mass surveillance and data collection activities of the US National Security Agency hit the headlines, faith in governments and their ability to restrain such spying to genuine cases of criminality began to weaken. Now, the use of encryption and secure communication channels is ever-more popular, technology firms are resisting efforts to implant deliberate weaknesses in encryption protocols, and neither side wants to budge. What can be done? From the outset, something has got to give. However, researchers from Boston University believe they may have come up with a solution. On Monday, the team said they have developed a new encryption technique which will give authorities some access, but without providing unlimited access in practice, to communication. In other words, a middle ground -- a way to break encryption to placate law enforcement, but not to the extent that mass surveillance on the general public is possible. Mayank Varia, Research Associate Professor at Boston University and cryptography expert, has developed the new technique, known as cryptographic "crumpling." 
In a paper documenting the research, lead author Varia says that the new cryptography methods could be used for "exceptional access" to encrypted data for government purposes while keeping user privacy at large at a reasonable level. "Our approach places most of the responsibility for achieving exceptional access on the government, rather than on the users or developers of cryptographic tools," the paper notes. "As a result, our constructions are very simple and lightweight, and they can be easily retrofitted onto existing applications and protocols." The crumpling techniques use two approaches -- the first being a Diffie-Hellman key exchange over modular arithmetic groups which leads to an "extremely expensive" puzzle which must be solved to break the protocol, and the second a "hash-based proof of work to impose a linear cost on the adversary for each message" to recover. Crumpling requires strong, modern cryptography as a precondition as it allows per-message encryption keys and detailed management. The system requires this infrastructure so a small number of messages can be targeted without full-scale exposure. The team says that this condition will also only permit "passive" decryption attempts, rather than man-in-the-middle (MiTM) attacks. By introducing cryptographic puzzles into the generation of per-message cryptographic keys, the keys will be possible to decrypt but will require vast resources to do so. In addition, each puzzle will be chosen independently for each key, which means "the government must expend effort to solve each one." "Like a crumple zone in automotive engineering, in an emergency situation the construction should break a little bit in order to protect the integrity of the system as a whole and the safety of its human users," the paper notes. "We design a portion of our puzzles to match Bitcoin's proof of work computation so that we can predict their real-world marginal cost with reasonable confidence." 
To prevent unauthorized attempts to break encryption, an "abrasion puzzle" serves as a gatekeeper which is more expensive to solve than individual key puzzles. While this would not necessarily deter state-sponsored threat actors, it may at least deter individual cyberattackers as the cost would not be worth the result. The new technique would allow governments to recover the plaintext for targeted messages, however, it would also be prohibitively expensive. A key length of 70 bits, for example -- with today's hardware -- would cost millions and force government agencies to choose their targets carefully and the expense would potentially prevent misuse. The research team estimates that the government could recover fewer than 70 keys per year with a budget of close to $70 million upfront -- one million dollars per message and the full amount set out in the US' expanded federal budget to break encryption. However, there could also be additional costs of $1,000 to $1 million per message, and these kinds of figures are difficult to conceal, especially as one message from a suspected criminal in a conversation without contextual data is unlikely to ever be enough to secure conviction. The research team says that crumpling can be adapted for use in common encryption services including PGP, Signal, as well as full-disk and file-based encryption. "We view this work as a catalyst that can inspire both the research community and the public at large to explore this space further," the researchers say. "Whether such a system will ever be (or should ever be) adopted depends less on technology and more on questions for society to answer collectively: whether to entrust the government with the power of targeted access and whether to accept the limitations on law enforcement possible with only targeted access." The research was funded by the National Science Foundation. Source
  9. Major US Sports Leagues Report Top Piracy Nations to Government
The Sports Coalition, which includes prominent leagues such as the NBA, NFL, and MLB, has shared its concerns over sports piracy with the US Trade Representative. The coalition urges the US Government to place the Netherlands and Switzerland on the Priority Watch List, as many pirated games are broadcast from these European countries. While pirated Hollywood blockbusters often score the big headlines, there are several other industries that have been battling with piracy over the years. This includes sports organizations. Many of the major US leagues including the NBA, NFL, NHL, MLB and the Tennis Association, are bundling their powers in the Sports Coalition, to try and curb the availability of pirated streams and videos. A few days ago the Sports Coalition put the piracy problem on the agenda of the United States Trade Representative (USTR). “Sports organizations, including Sports Coalition members, are heavily affected by live sports telecast piracy, including the unauthorized live retransmission of sports telecasts over the Internet,” the Sports Coalition wrote. “The Internet piracy of live sports telecasts is not only a persistent problem, but also a global one, often involving bad actors in more than one nation.” The USTR asked the public for comments on which countries play a central role in copyright infringement issues. In its response, the Sports Coalition stresses that piracy is a global issue but singles out several nations as particularly problematic. The coalition recommends that the USTR should put the Netherlands and Switzerland on the “Priority Watch List” of its 2018 Special 301 Report, followed by Russia, Saudi Arabia, Seychelles and Sweden, which get a regular “Watch List” recommendation. The main problem with these countries is that hosting providers and content distribution networks don’t do enough to curb piracy. 
In the Netherlands, sawlive.tv, strikezoneme, wizlnet, AltusHost, Host Palace, Quasi Networks and SNEL pirated or provided services contributing to sports piracy, the coalition writes. In Switzerland, mlbstreamme, robinwidgetorg, strikeoutmobi, BlackHOST, Private Layer and Solar Communications are doing the same. According to the major sports leagues, the US Government should encourage these countries to step up their anti-piracy game. This is not only important for US copyright holders, but also for licensees in other countries. “Clearly, there is common ground – both in terms of shared economic interests and legal obligations to protect and enforce intellectual property and related rights – for the United States and the nations with which it engages in international trade to work cooperatively to stop Internet piracy of sports programming.” Whether any of these countries will make it into the USTR’s final list has yet to be seen. For Switzerland it wouldn’t be the first time but for the Netherlands it would be new, although it has been considered before. A document we received through a FOIA request earlier this year revealed that the US Embassy reached out to the Dutch Government in the past, to discuss similar complaints from the Sports Coalition. The same document also revealed that local anti-piracy group BREIN consistently urged the entertainment industries it represents not to advocate placing the Netherlands on the 301 Watch List but to solve the problems behind the scenes instead. SOURCE
  10. Australian Government Launches Pirate Site-Blocking Review
Almost three years after they were passed, the Australian government has launched a review of its pirate site-blocking laws. The Department of Communications is seeking feedback on the effectiveness of the mechanism, from initial injunction application through to website blocking itself. Following intense pressure from entertainment industry groups, in 2014 Australia began developing legislation which would allow ‘pirate’ sites to be blocked at the ISP level. In March 2015 the Copyright Amendment (Online Infringement) Bill 2015 (pdf) was introduced to parliament and after just three months of consideration, the Australian Senate passed the legislation into law. Soon after, copyright holders began preparing their first cases and in December 2016, the Australian Federal Court ordered dozens of local Internet service providers to block The Pirate Bay, Torrentz, TorrentHound, IsoHunt, SolarMovie, plus many proxy and mirror services. Since then, more processes have been launched establishing site-blocking as a permanent fixture on the Aussie anti-piracy agenda. But with yet more applications for injunction looming on the horizon, how is the mechanism performing and does anything else need to be done to improve or amend it? Those are the questions now being asked by the responsible department of the Australian Government via a consultation titled Review of Copyright Online Infringement Amendment. The review should’ve been carried out 18 months after the law’s introduction in 2015 but the department says that it delayed the consultation to let more evidence emerge. “The Department of Communications and the Arts is seeking views from stakeholders on the questions put forward in this paper. 
The Department welcomes single, consolidated submissions from organizations or parties, capturing all views on the Copyright Amendment (Online Infringement) Act 2015 (Online Infringement Amendment),” the consultation paper begins. The three key questions for response are as follows: – How effective and efficient is the mechanism introduced by the Online Infringement Amendment? – Is the application process working well for parties and are injunctions operating well, once granted? – Are any amendments required to improve the operation of the Online Infringement Amendment? Given the tendency for copyright holders to continuously demand more bang for their buck, it will perhaps come as a surprise that at least for now there is a level of consensus that the system is working as planned. “Case law and survey data suggests the Online Infringement Amendment has enabled copyright owners to work with [Internet service providers] to reduce large-scale online copyright infringement. So far, it appears that copyright owners and [ISPs] find the current arrangement acceptable, clear and effective,” the paper reads. Thus far under the legislation there have been four applications for injunctions through the Federal Court, notably against leading torrent indexes and browser-based streaming sites, which were both granted. The other two processes, which began separately but will be heard together, at least in part, involve the recent trend of set-top box based streaming. Village Roadshow, Disney, Universal, Warner Bros, Twentieth Century Fox, and Paramount are currently presenting their case to the Federal Court. Along with Hong Kong-based broadcaster Television Broadcasts Limited (TVB), which has a separate application, the companies have been told to put together quality evidence for an April 2018 hearing. With these applications already in the pipeline, yet more are on the horizon. 
The paper notes that more applications are expected to reach the Federal Court shortly, with the Department of Communications monitoring to assess whether current arrangements are refined as additional applications are filed. Thus far, however, steady progress appears to have been made. The paper cites various precedents established as a result of the blocking process including the use of landing pages to inform Internet users why sites are blocked and who is paying. “Either a copyright owner or [ISP] can establish a landing page. If an [ISP] wishes to avoid the cost of its own landing page, it can redirect customers to one that the copyright owner would provide. Another precedent allocates responsibility for compliance costs. Cases to date have required copyright owners to pay all or a significant proportion of compliance costs,” the paper notes. But perhaps the issue of most importance is whether site-blocking as a whole has had any effect on the levels of copyright infringement in Australia. The Government says that research carried out by Kantar shows that downloading “fell slightly from 2015 to 2017” with a 5-10% decrease in individuals consuming unlicensed content across movies, music and television. It’s worth noting, however, that Netflix didn’t arrive on Australian shores until May 2015, just a month before the new legislation was passed. Research commissioned by the Department of Communications and published a year later in 2016 (pdf) found that improved availability of legal streaming alternatives was the main contributor to falling infringement rates. In a juicy twist, the report also revealed that Aussie pirates were the entertainment industries’ best customers. “The Department is aware that other factors — such as the increasing availability of television, music and film streaming services and of subscription gaming services — may also contribute to falling levels of copyright infringement,” the paper notes. 
Submissions to the consultation (pdf) are invited by 5.00 pm AEST on Friday 16 March 2018 via the government’s website. SOURCE
  11. Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India’s Ministry of Communications and Information Technology. The National Informatics Centre (NIC) holds several intermediate Certification Authority (CA) certs trusted by the Indian government’s top CA, the Indian Controller of Certifying Authorities (India CCA), which are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome. The use of rogue digital certificates could result in a potentially serious security and privacy threat that could allow an attacker to spy on an encrypted communication between a user’s device and a secure HTTPS website, which is thought to be secure. Google became aware of the fake certificates last Wednesday, July 2, and within 24 hours, the Indian Controller of Certifying Authorities (India CCA) revoked all the NIC intermediate certificates and also issued a CRLSet to block the fraudulent certificates in Chrome. CRLSets enable Chrome to block certificates in an emergency. The search engine giant believes that no other root stores include the Indian CCA certificates, which means that Chrome on other operating systems (Chrome OS, Android, iOS and OS X) was not affected. “Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misused certificates for other sites may exist,” said Google security engineer Adam Langley. Langley added that “Chrome users do not need to take any action to be protected by the CRLSet updates. 
We have no indication of widespread abuse and we are not suggesting that people change passwords.” It’s the second high-profile incident of a government agency caught issuing fake SSL certificates since December, when Google revoked trust for a digital certificate for several of its domains, mistakenly signed by a French government intermediate certificate authority. Google has taken many measures to advance the security of its certificates, as SSL certificates are still one of the core elements of online security. Still, because hundreds of entities issue certificates, it is difficult for the company to identify fake certs that aren’t following proper procedures. One such measure is Google’s recently launched Certificate Transparency project, which provides an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. DigiCert was one of the first Certificate Authorities to implement Certificate Transparency after working with Google for a year to pilot the project. Google also upgraded its SSL certificates from 1024-bit to 2048-bit RSA to make them more secure and unbreakable, because a longer key length would make it even more difficult for a cyber criminal to break the SSL connections that secure your emails, banking transactions and many more. Source
  12. Vodafone has revealed the extent of government snooping on its networks around the world, in a long report that appears to confirm the worst fears of privacy campaigners. The firm reveals that authorities in 29 countries have approached it for information on users, and while some are fairly open about their demands, others do not permit the company to reveal anything. However, more worryingly for those who value privacy, the report shows that in six countries Vodafone is obliged to allow governments to listen in to communications at will, without obtaining a warrant first. Vodafone said it complies with these requests because it has to abide by the laws of the countries in which it operates. "In every country in which we operate, we have to abide by the laws of those countries which require us to disclose information about our customers to law enforcement agencies or other government authorities, or to block or restrict access to certain services," it said. "Refusal to comply with a country's laws is not an option. If we do not comply with a lawful demand for assistance, governments can remove our licence to operate, preventing us from providing services to our customers. Our employees who live and work in the country concerned may also be at risk of criminal sanctions, including imprisonment." The UK is fairly open about its demands, according to the report, but other countries, such as Turkey, will not let the firm reveal anything about its data requests. According to the report, the UK government made 2,760 interception requests, or warrants, and over half a million communications data requests. In the report, Vodafone calls on all governments to allow greater transparency and to consider the impact the actions of their intelligence agencies are having on business and consumers. 
"In our view, it is governments – not communications operators – who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators," it said. "We believe that regulators, parliaments or governments will always have a far more accurate view of the activities of agencies and authorities than any one operator." In the meantime, Vodafone said it will continue to release all the information it can. "Whilst we have included factors relevant to national security powers in compiling this report, it is important to note that many countries prohibit the publication of any form of statistical information relating to national security demands," it said. "We think many governments could do more to ensure that the legal powers relied upon by agencies and authorities are fit for the internet age." Source